5.7
MEDIUM
CVE-2023-20521
Adafruit Feather M0 SPI Bootloader TOCTOU
Description

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

INFO

Published Date: Nov. 14, 2023, 7:15 p.m.

Last Modified: June 18, 2024, 7:15 p.m.

Remotely Exploitable: No

Impact Score: 5.2

Exploitability Score: 0.5

Affected Products

The following products are affected by the CVE-2023-20521 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product Action
1 Amd epyc_7h12_firmware
2 Amd epyc_7f72_firmware
3 Amd epyc_7f52_firmware
4 Amd epyc_7f32_firmware
5 Amd epyc_7742_firmware
6 Amd epyc_7702p_firmware
7 Amd epyc_7702_firmware
8 Amd epyc_7662_firmware
9 Amd epyc_7642_firmware
10 Amd epyc_7552_firmware
11 Amd epyc_7542_firmware
12 Amd epyc_7532_firmware
13 Amd epyc_7502p_firmware
14 Amd epyc_7502_firmware
15 Amd epyc_7452_firmware
16 Amd epyc_7402_firmware
17 Amd epyc_7402p_firmware
18 Amd epyc_7352_firmware
19 Amd epyc_7302p_firmware
20 Amd epyc_7302_firmware
21 Amd epyc_7282_firmware
22 Amd epyc_7272_firmware
23 Amd epyc_7262_firmware
24 Amd epyc_7252_firmware
25 Amd epyc_7232p_firmware
26 Amd epyc_72f3_firmware
27 Amd epyc_7313_firmware
28 Amd epyc_7313p_firmware
29 Amd epyc_7343_firmware
30 Amd epyc_7373x_firmware
31 Amd epyc_73f3_firmware
32 Amd epyc_7413_firmware
33 Amd epyc_7443_firmware
34 Amd epyc_7443p_firmware
35 Amd epyc_7453_firmware
36 Amd epyc_74f3_firmware
37 Amd epyc_7513_firmware
38 Amd epyc_7543_firmware
39 Amd epyc_7543p_firmware
40 Amd epyc_7573x_firmware
41 Amd epyc_75f3_firmware
42 Amd epyc_7643_firmware
43 Amd epyc_7663_firmware
44 Amd epyc_7713_firmware
45 Amd epyc_7713p_firmware
46 Amd epyc_7763_firmware
47 Amd epyc_7773x_firmware
48 Amd athlon_gold_pro_3150g_firmware
49 Amd athlon_gold_pro_3150ge_firmware
50 Amd ryzen_threadripper_2920x_firmware
51 Amd ryzen_threadripper_2950x_firmware
52 Amd ryzen_threadripper_2970wx_firmware
53 Amd ryzen_threadripper_2990wx_firmware
54 Amd ryzen_3_3200u_firmware
55 Amd ryzen_3_3250c_firmware
56 Amd ryzen_3_3250u_firmware
57 Amd ryzen_3_3300u_firmware
58 Amd ryzen_3_3350u_firmware
59 Amd ryzen_5_3450u_firmware
60 Amd ryzen_5_3500c_firmware
61 Amd ryzen_5_3500u_firmware
62 Amd ryzen_5_3550h_firmware
63 Amd ryzen_5_3580u_firmware
64 Amd ryzen_7_3700c_firmware
65 Amd ryzen_7_3700u_firmware
66 Amd ryzen_7_3750h_firmware
67 Amd ryzen_7_3780u_firmware
68 Amd epyc_7001_firmware
69 Amd epyc_7251_firmware
70 Amd epyc_7261_firmware
71 Amd epyc_7281_firmware
72 Amd epyc_7301_firmware
73 Amd epyc_7351_firmware
74 Amd epyc_7371_firmware
75 Amd epyc_7401_firmware
76 Amd epyc_7401p_firmware
77 Amd epyc_7451_firmware
78 Amd epyc_7501_firmware
79 Amd epyc_7551_firmware
80 Amd epyc_7551p_firmware
81 Amd epyc_7601_firmware
82 Amd epyc_7351p_firmware
83 Amd epyc_7473x_firmware
84 Amd athlon_pro_300ge_firmware
85 Amd athlon_gold_3150g_firmware
86 Amd epyc_7663p_firmware
87 Amd epyc_7643p_firmware
88 Amd epyc_7303p_firmware
89 Amd epyc_7303_firmware
90 Amd epyc_7203p_firmware
91 Amd epyc_7203_firmware
92 Amd epyc_7232p
93 Amd epyc_7251
94 Amd epyc_7252
95 Amd epyc_7261
96 Amd epyc_7262
97 Amd epyc_7272
98 Amd epyc_7281
99 Amd epyc_7282
100 Amd epyc_72f3
101 Amd epyc_7301
102 Amd epyc_7302
103 Amd epyc_7302p
104 Amd epyc_7313
105 Amd epyc_7313p
106 Amd epyc_7343
107 Amd epyc_7351
108 Amd epyc_7351p
109 Amd epyc_7352
110 Amd epyc_7371
111 Amd epyc_73f3
112 Amd epyc_7401
113 Amd epyc_7401p
114 Amd epyc_7402
115 Amd epyc_7402p
116 Amd epyc_7413
117 Amd epyc_7443
118 Amd epyc_7443p
119 Amd epyc_7451
120 Amd epyc_7452
121 Amd epyc_7453
122 Amd epyc_74f3
123 Amd epyc_7501
124 Amd epyc_7502
125 Amd epyc_7502p
126 Amd epyc_7513
127 Amd epyc_7532
128 Amd epyc_7542
129 Amd epyc_7543
130 Amd epyc_7543p
131 Amd epyc_7551
132 Amd epyc_7551p
133 Amd epyc_7552
134 Amd epyc_75f3
135 Amd epyc_7601
136 Amd epyc_7642
137 Amd epyc_7643
138 Amd epyc_7662
139 Amd epyc_7663
140 Amd epyc_7702
141 Amd epyc_7702p
142 Amd epyc_7713
143 Amd epyc_7713p
144 Amd epyc_7742
145 Amd epyc_7763
146 Amd epyc_7f32
147 Amd epyc_7f52
148 Amd epyc_7f72
149 Amd epyc_7h12
150 Amd amd_3015e_firmware
151 Amd amd_3015ce_firmware
152 Amd epyc_7773x
153 Amd epyc_7573x
154 Amd epyc_7473x
155 Amd epyc_7373x
156 Amd athlon_pro_300ge
157 Amd athlon_gold_pro_3150ge
158 Amd athlon_gold_3150g
159 Amd athlon_gold_pro_3150g
160 Amd epyc_7203
161 Amd epyc_7203p
162 Amd epyc_7303
163 Amd epyc_7303p
164 Amd epyc_7643p
165 Amd epyc_7663p
166 Amd epyc_7001
167 Amd ryzen_threadripper_2990wx
168 Amd ryzen_threadripper_2970wx
169 Amd ryzen_threadripper_2950x
170 Amd ryzen_threadripper_2920x
171 Amd ryzen_7_3780u
172 Amd ryzen_7_3750h
173 Amd ryzen_7_3700c
174 Amd ryzen_7_3700u
175 Amd ryzen_5_3580u
176 Amd ryzen_5_3550h
177 Amd ryzen_5_3500c
178 Amd ryzen_5_3500u
179 Amd ryzen_5_3450u
180 Amd ryzen_3_3350u
181 Amd ryzen_3_3300u
182 Amd ryzen_3_3250u
183 Amd ryzen_3_3250c
184 Amd ryzen_3_3200u
185 Amd amd_3015e
186 Amd amd_3015ce
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-20521.

URL Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

The following table lists the changes that have been made to the CVE-2023-20521 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Jun. 18, 2024

    Action Type Old Value New Value
    Changed Description
      Old Value: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
      New Value: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
    Added CVSS V3.1 Advanced Micro Devices Inc. AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Feb. 13, 2024

    Action Type Old Value New Value
    Added Reference Advanced Micro Devices Inc. https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001 [No types assigned]
  • Initial Analysis by [email protected]

    Nov. 27, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
    Changed Reference Type https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 No Types Assigned https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 Vendor Advisory
    Changed Reference Type https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 No Types Assigned https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 Vendor Advisory
    Added CWE NIST CWE-367
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7001_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7251_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7261_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7281_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7301_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7351_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7351p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7371_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7401_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7401p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7451_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7501_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7551_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7551p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7601_firmware:*:*:*:*:*:*:*:* versions up to (excluding) naplespi_1.0.0.h OR cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7232p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7232p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7252_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7252:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7262_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7262:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7272_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7272:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7282_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7282:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7302_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7302:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7302p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7302p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7352_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7352:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7402_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7402:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7402p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7402p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7452_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7452:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7502_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7502:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7502p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7502p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7532_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7532:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7542_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7542:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7552_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7552:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7642_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7642:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7662_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7662:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7702_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7702:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7702p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7702p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7742_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7742:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7f32_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7f32:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7f52_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7f52:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7f72_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7f72:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7h12_firmware:*:*:*:*:*:*:*:* versions up to (excluding) romepi_1.0.0.d OR cpe:2.3:h:amd:epyc_7h12:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7663p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7663p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7643p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7643p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7303p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7303p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7303_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7303:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7203p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7203p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:epyc_7203_firmware:*:*:*:*:*:*:*:* versions up to (excluding) milanpi_1.0.0.7 OR cpe:2.3:h:amd:epyc_7203:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) summitpi-sp3r2_1.1.0.6 OR cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) summitpi-sp3r2_1.1.0.6 OR cpe:2.3:h:amd:ryzen_threadripper_2970wx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:*:*:*:*:*:*:*:* versions up to (excluding) summitpi-sp3r2_1.1.0.6 OR cpe:2.3:h:amd:ryzen_threadripper_2950x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:*:*:*:*:*:*:*:* versions up to (excluding) summitpi-sp3r2_1.1.0.6 OR cpe:2.3:h:amd:ryzen_threadripper_2920x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_7_3780u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_7_3780u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_7_3750h_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_7_3750h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_7_3700c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_7_3700c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_7_3700u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_7_3700u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_5_3580u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_5_3580u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_5_3550h_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_5_3550h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_5_3500c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_5_3500c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_5_3500u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_5_3500u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_5_3450u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_5_3450u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_3_3350u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_3_3350u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_3_3300u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_3_3300u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_3_3250u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_3_3250u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_3_3250c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_3_3250c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:ryzen_3_3200u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) picassopi-fp5_1.0.0.e OR cpe:2.3:h:amd:ryzen_3_3200u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:amd_3015e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) pollockpi-ft5_1.0.0.4 OR cpe:2.3:h:amd:amd_3015e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:amd:amd_3015ce_firmware:*:*:*:*:*:*:*:* versions up to (excluding) pollockpi-ft5_1.0.0.4 OR cpe:2.3:h:amd:amd_3015ce:-:*:*:*:*:*:*:*
  • CVE Received by [email protected]

    Nov. 14, 2023

    Action Type Old Value New Value
    Added Description TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
    Added Reference Advanced Micro Devices Inc. https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 [No types assigned]
    Added Reference Advanced Micro Devices Inc. https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 [No types assigned]
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-20521 is associated with the following CWEs:

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.05 (change: -0.00%)

Percentile: 0.15589
